module Tunables where

import Types
import Cost
import qualified Crypto.Argon2 as Argon2

data Tunables = Tunables
	{ objectSize :: Int
	-- ^ size of objects stored in keysafe, in bytes
	, argonOptions :: Argon2.HashOptions
	, argonCost :: Cost CreationOp
	-- ^ should correspond to the argonOptions
	, decryptionPuzzleCost :: Cost DecryptionOp
	-- ^ cost of decryption puzzle
	}

defaultTunables :: Tunables
defaultTunables = Tunables
	{ objectSize = 1024*64 -- 64 kb
	, argonOptions = Argon2.HashOptions
		{ Argon2.hashIterations = 10000
		, Argon2.hashMemory = 131072 -- 128 mebibtyes per thread
		, Argon2.hashParallelism = 4 -- 4 threads
		, Argon2.hashVariant = Argon2.Argon2i
		}
	-- argon2 is GPU and ASIC resistent, so it uses CPU time.
	-- The above HashOptions were benchmarked at 661 seconds CPU time
	-- on a 2 core Intel(R) Core(TM) i5-4210Y CPU @ 1.50GHz.
	-- Since cost is measured per core, we double that.
	, argonCost = CPUCost (Seconds (2*600))
	-- AES can be calculated more efficiently by a GPU, so this
	-- cost is a GPU cost.
	-- This is set to only 1 minute because GPUs are quite a lot
	-- faster than CPUs at AES, and so setting it higher would make
	-- clients too slow at key recovery.
	, decryptionPuzzleCost = GPUCost (Seconds 60)
	}

-- | Dials back cryptographic difficulty, not for production use.
testModeTunables :: Tunables
testModeTunables = Tunables
	{ objectSize = 1024*64
	, argonOptions = Argon2.defaultHashOptions
	, argonCost = CPUCost (Seconds (2*600))
	, decryptionPuzzleCost = GPUCost (Seconds 60)
	}